﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;

public partial class SysManager_UserDataSet : BaseDataPage
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        this.Load += new System.EventHandler(Page_Load);
    }
    protected void Page_Load(object sender, EventArgs e)
    {
        string aciton = Request.Params["aciton"];
        switch (aciton)
        {
            case "GetUserList":
                GetUserList();
                break;
            case "GetStockList":
                GetStockList();
                break;
            case "GetUserRights":
                GetUserRights();
                break;
            case "AddUserRight":
                AddUserRight();
                break;
            case "DelUserRight":
                DelUserRight();
                break;
        }
    }

    private void DelUserRight()
    {
        string rid = Request.Params["rid"];
        if (mydb.DM_ExecuteNonQuery("delete from sys_userdatarights where rid="+rid) == -1)
        {
            Response.Write("ERROR");
            Response.End();
        }
        else
        {
            Response.Write("OK");
            Response.End();
        }
    }

    private void AddUserRight()
    {
        string userid = Request.Params["userid"];
        string sourceid = Request.Params["sourceid"];
        string sourcename = Request.Params["sourcename"];
        string sql = @"insert into sys_userdatarights(userid,sourceid,sourcename,creator)
                    values(" + userid + ",'" + sourceid + "','" + sourcename + "','" + Session["UserID"] + "')";
        if (mydb.DM_ExecuteNonQuery(sql) == -1)
        {
            Response.Write("ERROR");
            Response.End();
        }
        else
        {
            Response.Write("OK");
            Response.End();
        }
    }

    private void GetUserRights()
    {
        string userid = Request.Params["userid"];
        string source = Request.Params["source"];
        if (!string.IsNullOrEmpty(source))
        {
            source = " and sourcename like '%"+source+"%'";
        }
        string sql = "select * from sys_userdatarights where userid= " + userid + source;
        DataSet ds = mydb.DM_GetDateSet(sql);
        if (ds.Tables[0].Rows.Count > 0)
        {
            string sbr = "";
            sbr = "[";
            foreach (DataRow dr in ds.Tables[0].Rows)
            {
                sbr += "{\"sourceid\":\"" + dr["sourceid"]
                 + "\",\"sourcename\":\"" + dr["sourcename"]
                 + "\",\"rid\":\"" + dr["rid"]
                 + "\"},";
            }
            sbr = sbr.TrimEnd(',') + "]";
            Response.Write(sbr);
            Response.End();

        }
        else
        {
            Response.Write("NO_DATA");
            Response.End();
        }
    }

    private void GetUserList()
    {
        string username = Request.Params["username"];
        string sql = "select * from sys_loginuser where block = 1 "+(username !=""?" and username like '%"+username+"%' or usercode like '%"+username+"%'":"");
        DataSet ds = mydb.DM_GetDateSet(sql);
        if (ds.Tables[0].Rows.Count > 0)
        {
            string sbr = "";
            sbr = "[";
            foreach (DataRow dr in ds.Tables[0].Rows)
            {
                sbr += "{\"usercode\":\"" + dr["usercode"]
                 + "\",\"username\":\"" + dr["username"]
                 + "\",\"userid\":\"" + dr["userid"]
                 + "\"},";
            }
            sbr = sbr.TrimEnd(',') + "]";
            Response.Write(sbr);
            Response.End();

        }
        else
        {
            Response.Write("NO_DATA");
            Response.End();
        }
    }

    private void GetStockList()
    {
        string stockname = Request.Params["stockname"];
        string userid = Request.Params["userid"];
        string str = "";
        if (!string.IsNullOrEmpty(stockname))
        {
            str += " and (stockname like '%" + stockname + "%' or fullname like '%"+stockname+"%')";
        }
        string sql = "select * from V_StockList where 1=1 and stockid not in (select isnull(sourceid,'') from sys_userdatarights where userid=" + userid
            +") " + str + " order by stockcode";
        DataSet ds = mydb.DM_GetDateSet(sql);
        if (ds.Tables[0].Rows.Count > 0)
        {
            string sbr = "";
            sbr = "[";
            foreach (DataRow dr in ds.Tables[0].Rows)
            {
                sbr += "{\"stockid\":\"" + dr["stockid"]
                 + "\",\"stockcode\":\"" + dr["stockcode"]
                 + "\",\"stockname\":\"" + dr["stockname"]
                 + "\"},";
            }
            sbr = sbr.TrimEnd(',') + "]";
            Response.Write(sbr);
            Response.End();

        }
        else
        {
            Response.Write("NO_DATA");
            Response.End();
        }
    }
}